Mobile communications networks, such as cellular telephone and/or personal communication systems (PCS) networks allow customers to travel, yet remain connected to the network. FIG. 1 illustrates a portion 10 of such a network. A customer having a cellular telephone or personal communications device (referred to collectively as "handset" 12) is connected to a wireless communication network 14 provided by a cellular or personal communication service provider (collectively referred to as PSP). As the customer travels, he may enter a number of Registration Areas (RAs) such as RA.sub.1 16, RA.sub.2 18, which are different geographical areas serviced by the same or different PSPs. The PCS service area within the PSP 14 may be populated with base stations 20 for providing wireless access to the handset, and mobile switching centers (MSC) 22 that control the base stations.
According to the standard commonly used in North America, the customer may have personal information, such as a telephone or personal communications number, account information, credit and billing information, and the like stored in a PSP 14 network database servicing the customer's home area. This database is known as the Home Location Register (HLR) 24. As the customer travels to different RAs, i.e., the handset 12 crosses dashed line 26 in FIG. 1 to exit RA.sub.1 16 and to enter RA.sub.2 18 (the handset in phantom is in the geographical area serviced by RA.sub.2), the customer is automatically registered at the new area's local PSP 14 network database. Typically, a subset of the information stored at the HLR 24 is stored at this remote database. This remote database is referred to as a Visitors Location Register (VLR) 28. The network may also store personal information about the customer which identifies the customer as an authorized user of the network. This authentication information is typically stored in a database referred to as an Authentication Center (AC) 30. A customer is "authenticated" to identify the user and ensure that the user is authorized to receive the mobile service.
The Electronic Industry Association/Telecommunications Industry Association (EIA/TIA) has proposed a revised system for cellular communications known as Interim Standard IS 41 Revision C. This standard has defined protocols for authentication, voice privacy, and signal message privacy, and includes two different user authentication algorithms. The algorithms for authentication and voice and signaling privacy are based on encryption techniques which use shared secret data (SSD) shared between the customer's handset 12 and the AC 30, which maintains the SSDs for each network customer. One of the authentication algorithms, referred to as the WS Scheme, makes the most efficient use of authentication signal traffic on the cellular network when the customer changes RAs (i.e., 16, 18) more frequently than he makes or receives calls. This relationship between registrations and calls is referred to as the call-to-mobility ratio (CMR). The second algorithm, referred to as the S Scheme, makes efficient use of authentication signal traffic where the customer makes or receives more calls than he registers into new RAs (i.e., the CMR>1).
The WS Scheme shares the SSD between the handset 12 and the AC 30 only. In the S Scheme, the SSD is also shared with the VLR 28. Only the VLR 28 and handset 12 are involved in call authentication. Thus, the cost is "cheaper" than the WS Scheme, where the HLR 24 and AC 30 are involved in the authentication. However, registration requires additional message flow beyond the WS Scheme's requirements. Thus, there is a tradeoff between the two schemes depending on the customer's CMR. Neither authentication scheme will provide the most efficient use of network resources for all of a PSP's customers nor, in many instances, even for a single customer.
1. The WS Scheme
2. The S Scheme
In the WS Scheme, the SSD is shared between the handset 12 and the AC 30. Each handset has a Mobile Identification Number (MIN), which is stored in the handset during manufacture and cannot be changed. Also associated with the handset 12 is a unique Electronic Serial Number (ESN). FIG. 2 illustrates the message flow 50 between the PSP, VLR, HLR, and AC during WS Scheme registration.
When a customer enters into a new RA, the handset receives a signal emitted from the local base station informing it that it has entered into a new RA and authentication is required. The handset executes a Cellular Authentication and Voice Encryption (CAVE) algorithm, using the SSD, ESN, and MIN stored in the handset, and a random number (RAND) which the handset obtains from the PSP. The result of this algorithm is a registration authentication result (AUTHR). The handset then requests the MSC 22 for registration at the new RA. This is done by supplying AUTHR, ESN, MIN, the eight most significant bits of RAND (RANDC), and an account of significant events initiated by the handset, such as registration history, call originations, and call terminations. This account is known as COUNT. COUNT is also maintained by the AC. The MSC forwards the authentication request in a message AUTHRQST to the VLR servicing the new RA (line 52). The VLR forwards the AUTHRQST to the HLR with the parameters it has received (line 54). The HLR forwards the AUTHRQST to the AC (line 56).
When the AC receives the AUTHRQST, it retrieves the SSD associated with the MIN, and performs the CAVE algorithm using the MIN, ESN, and RAND received from the HLR. The authentication result of the CAVE algorithm is compared to the AUTHR generated by the handset. The COUNT stored in the AC is also compared to the COUNT received from the handset. If the comparisons are favorable, the AC provides an authentication response authrqst, which is sent to the HLR (line 58), VLR (line 60), and MSC (line 62). When the MSC is notified that the registration is authorized, the MSC issues a registration notification message.
FIG. 3 illustrates the message flow 100 when a handset registered at a new RA originates a call. When the customer wishes to place a call, the handset executes the CAVE algorithm using the same parameters as above and the digits dialed by the customer. This results in the AUTHR signal, a voice privacy mask VPMASK, and a signal message encryption key SMEKEY. These three signals are forwarded to the serving PSP system. The PSP sends the AUTHRQST to the VLR (line 102), which forwards the signal to the HLR (line 104), which forwards the signal to the AC (line 106). The AC verifies the AUTHR and COUNT values and generates VPMASK and SMEKEY. The response authrqst is sent to the HLR (line 108), VLR (line 110), and the PSP (line 112). When the handset is authenticated, the serving PSP initiates an IS 41 location request message LOCREQ to determine the called party's current location.
When the customer's handset is the terminating end of a call (i.e., the customer is receiving a call on the handset), the message flow is similar to the flow described in FIG. 3. The serving PSP pages the called handset. In response, the handset executes the CAVE algorithm using AUTHR, COUNT, ESN, MIN, and RANDC. The message flow is the same as shown in FIG. 3. When the called handset is authenticated, a voice channel is established between the handset and the calling party.
In the S Scheme, the SSD is shared with the VLR 28. Thus, handset registration during authentication requires more steps than registration under the WS Scheme. This is because the COUNT value is stored in the previous RA's VLR 28. In order for the AC 30 to authenticate the handset, it must request the COUNT from the previous RA's VLR 28. Once the handset is registered in the new VLR 28, all other transactions such as call origination and call termination, may be authenticated by the VLR 28. Access to the AC 30 is not needed again until the handset enters a new RA and registration is required.
FIG. 4 illustrates the message flow 150 between the MSC, the previous RA's VLR (the "Old VLR"), the new RA's VLR ("VLR"), HLR, and AC during S Scheme registration. When the handset determines that it has entered a new RA, registration is required and the handset must be authenticated to access PSP services. The handset executes the CAVE algorithm using the SSD, ESN, and MIN associated with the handset, and RAND obtained from the PSP at that time. The algorithm results in a registration authentication result AUTHR. The handset then requests the MSC 22 for registration at the new RA. This is done by supplying AUTHR, ESN, MIN, RANDC, and COUNT. Unlike the WS Scheme, in the S Scheme, the COUNT is not maintained by the AC. The AUTHRQST is sent from the MSC to the VLR (line 152), the HLR (line 154), and the AC (line 156). The AC cannot verify the handset without COUNT. Therefore, the AC issues a COUNTREQ message, requesting the COUNT. This COUNTREQ is sent to the HLR (line 158) and then to the Old VLR (line 160). The Old VLR responds by sending the COUNT in a countreq message to the HLR (line 162) which is directed to the AC (line 164). The AC may now verify the handset and, if verified, the AC issues a response authreq to the AUTHRQST which is sent to HLR (line 166), VLR (line 168), and the PSP (line 170).
FIG. 5 illustrates the message flow 200 when a handset registered at a new RA under the S Scheme originates or terminates a call. When the customer places or receives a call, the handset executes the CAVE algorithm using the same parameters as above and the digits dialed by the customer. This results in the AUTHR signal, VPMASK, and SMEKEY. These three parameters and the dialed digits are forwarded to the serving PSP system. The PSP sends the AUTHREQ to the VLR (line 202). The VLR, which stores the COUNT value, performs the CAVE algorithm and generates AUTHR, VPMASK, and SMEKEY. If AUTHR and COUNT verify, these results are sent in an authreq message with VPMASK and SMEKEY to the PSP (line 204).
As used in this patent application a "cycle" means the time period between two consecutive registrations for a customer. The "cost of a cycle" as used in this patent application means the number of messages sent to access a database (AC/HLR/VLR) during a cycle. The messages for a registration are included in the cost of the cycle in which the customer is being registered (e.g., the new cycle).
As seen in FIGS. 2 and 3, in the WS Scheme, 5 database accesses are needed to authenticate a registration and 5 database accesses are needed to authenticate each call origination or termination. Thus, a customer's total expected cost per cycle of the WS Scheme is 5+5i, where i is the number of calls originated or terminated during the cycle.
As seen in FIGS. 4 and 5, in the S Scheme, 9 database accesses are needed to authenticate a registration and 1 database access is needed to authenticate each call origination or termination. Thus, a customer's total expected cost per cycle of the S Scheme is 9+1i. Please note that the two schemes cost the same when i=1. The WS Scheme is more cost effective when the CMR<1; the S Scheme is more cost effective when the CMR>1.
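The following is an added worked example (not part of the patent text) that transcribes the message flows of FIGS. 2 through 5 as hop lists, counts database accesses to reproduce the 5+5i and 9+1i per-cycle costs, and finds the crossover at i=1. The switching rule at the end, which picks each cycle's scheme from the previous cycle's call count, is an illustrative assumption and is not the patent's own method.

```python
# Cost model for the WS and S authentication schemes (added example; not
# part of the patent text). Flows are transcribed from the FIG. 2-5
# descriptions; the adaptive rule at the end is an illustrative assumption.
DATABASES = {"VLR", "HLR", "AC", "OLD_VLR"}

# (sender, receiver) hops in order. MSC/PSP is the serving system, not a database.
FLOWS = {
    "WS_registration": [("MSC", "VLR"), ("VLR", "HLR"), ("HLR", "AC"),     # FIG. 2
                        ("AC", "HLR"), ("HLR", "VLR"), ("VLR", "MSC")],
    "WS_call":         [("PSP", "VLR"), ("VLR", "HLR"), ("HLR", "AC"),     # FIG. 3
                        ("AC", "HLR"), ("HLR", "VLR"), ("VLR", "PSP")],
    "S_registration":  [("MSC", "VLR"), ("VLR", "HLR"), ("HLR", "AC"),     # FIG. 4
                        ("AC", "HLR"), ("HLR", "OLD_VLR"),                 # COUNTREQ
                        ("OLD_VLR", "HLR"), ("HLR", "AC"),                 # countreq
                        ("AC", "HLR"), ("HLR", "VLR"), ("VLR", "PSP")],
    "S_call":          [("PSP", "VLR"), ("VLR", "PSP")],                   # FIG. 5
}


def database_accesses(flow):
    """Number of messages delivered to a database node: the page's 'cost'."""
    return sum(1 for _, receiver in flow if receiver in DATABASES)


def cycle_cost(scheme, calls):
    """Cost of one cycle: one registration plus `calls` originations/terminations."""
    registration = database_accesses(FLOWS[scheme + "_registration"])
    per_call = database_accesses(FLOWS[scheme + "_call"])
    return registration + per_call * calls   # WS: 5 + 5i, S: 9 + 1i


def cheaper_scheme(calls):
    """Which scheme costs less for a cycle with `calls` calls (equal at i = 1)."""
    ws, s = cycle_cost("WS", calls), cycle_cost("S", calls)
    return "either" if ws == s else ("WS" if ws < s else "S")


def static_total(scheme, calls_per_cycle):
    """Total cost when the same scheme is used for every cycle."""
    return sum(cycle_cost(scheme, calls) for calls in calls_per_cycle)


def adaptive_total(calls_per_cycle, default="WS"):
    """Illustrative switching rule (assumption, not the patent's method): use
    for each cycle the scheme that was cheaper for the previous cycle's call
    count. Returns the chosen scheme per cycle and the total cost."""
    schemes, total, previous = [], 0, None
    for calls in calls_per_cycle:
        choice = default if previous is None else cheaper_scheme(previous)
        scheme = default if choice == "either" else choice
        schemes.append(scheme)
        total += cycle_cost(scheme, calls)
        previous = calls
    return schemes, total
```

For a constructed usage history of four low-mobility cycles followed by four call-heavy ones, `[0, 0, 0, 0, 4, 4, 4, 4]`, the static WS and S totals are 120 and 88 while the switching rule reaches 84, since it pays the WS cost while the customer is roaming and the S cost once calls dominate.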
Because neither authentication scheme provides the most efficient use of authentication signals for all of a PSP's customers nor, in many instances, even for a single customer, it is an object of the present invention to provide a method for adaptively switching between the WS and S Schemes, depending on the customer's mobile communications usage.